
Active Requested logs

Discussion in 'Malware and Virus Removal Archive' started by JPyron30, 2009/04/19.

    [Active] Requested logs

    I was requested, by Wildfire, to post the following logs:

    1 will be Attach and 2 will be DDS

    I could not attach them as files for some reason, therefore I copied and pasted. Again, thanks for all your help, greatly appreciated!!!

    Attach:

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-03-16.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/3/2005 9:11:14 AM
    System Uptime: 4/19/2009 9:47:15 AM (2 hours ago)

    Motherboard: Intel Corporation | | D845GRG
    Processor: Intel(R) Pentium(R) 4 CPU 2.40GHz | X1 | 2399/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 33.941 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    T: is NetworkDisk (NTFS) - 75 GiB total, 33.941 GiB free.

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP132: 1/19/2009 4:13:21 AM - System Checkpoint
    RP133: 1/19/2009 11:14:36 AM - Software Distribution Service 3.0
    RP134: 1/20/2009 12:13:21 PM - System Checkpoint
    RP135: 1/21/2009 12:14:25 PM - System Checkpoint
    RP136: 1/22/2009 1:13:18 PM - System Checkpoint
    RP137: 1/23/2009 1:48:32 AM - Software Distribution Service 3.0
    RP138: 2/2/2009 9:38:11 PM - Software Distribution Service 3.0
    RP139: 2/3/2009 10:33:59 PM - System Checkpoint
    RP140: 2/4/2009 11:21:01 PM - System Checkpoint
    RP141: 2/5/2009 2:37:12 PM - Software Distribution Service 3.0
    RP142: 2/6/2009 4:10:12 PM - System Checkpoint
    RP143: 2/7/2009 4:47:31 PM - System Checkpoint
    RP144: 2/8/2009 5:48:36 PM - System Checkpoint
    RP145: 2/9/2009 5:55:53 PM - System Checkpoint
    RP146: 2/9/2009 11:35:08 PM - Software Distribution Service 3.0
    RP147: 2/10/2009 11:55:51 PM - System Checkpoint
    RP148: 2/11/2009 3:00:21 AM - Software Distribution Service 3.0
    RP149: 2/12/2009 3:14:45 AM - System Checkpoint
    RP150: 2/13/2009 2:03:19 AM - Software Distribution Service 3.0
    RP151: 2/14/2009 2:26:44 AM - System Checkpoint
    RP152: 2/15/2009 3:09:43 AM - System Checkpoint
    RP153: 2/16/2009 3:56:44 AM - System Checkpoint
    RP154: 2/16/2009 2:26:44 PM - Software Distribution Service 3.0
    RP155: 2/17/2009 2:56:44 PM - System Checkpoint
    RP156: 2/18/2009 3:57:46 PM - System Checkpoint
    RP157: 2/19/2009 4:07:14 PM - System Checkpoint
    RP158: 2/19/2009 7:26:59 PM - Software Distribution Service 3.0
    RP159: 2/21/2009 2:30:07 AM - System Checkpoint
    RP160: 2/22/2009 3:07:14 AM - System Checkpoint
    RP161: 2/23/2009 4:07:13 AM - System Checkpoint
    RP162: 2/23/2009 8:36:33 PM - Software Distribution Service 3.0
    RP163: 2/25/2009 1:10:31 AM - System Checkpoint
    RP164: 2/25/2009 3:00:20 AM - Software Distribution Service 3.0
    RP165: 2/26/2009 3:00:21 AM - Software Distribution Service 3.0
    RP166: 2/27/2009 12:42:44 AM - Software Distribution Service 3.0
    RP167: 2/28/2009 12:52:06 AM - System Checkpoint
    RP168: 3/1/2009 1:52:05 AM - System Checkpoint
    RP169: 3/2/2009 2:03:54 AM - System Checkpoint
    RP170: 3/2/2009 9:49:33 AM - Software Distribution Service 3.0
    RP171: 3/3/2009 10:03:49 AM - System Checkpoint
    RP172: 3/4/2009 11:15:51 AM - System Checkpoint
    RP173: 3/4/2009 7:10:27 PM - Installed AVG Free 8.5
    RP174: 3/4/2009 7:33:57 PM - Avg8 Update
    RP175: 3/5/2009 8:12:35 PM - System Checkpoint
    RP176: 3/7/2009 11:13:46 AM - System Checkpoint
    RP177: 3/8/2009 11:21:36 AM - System Checkpoint
    RP178: 3/9/2009 12:42:29 PM - System Checkpoint
    RP179: 3/10/2009 1:04:58 PM - System Checkpoint
    RP180: 3/11/2009 2:04:58 PM - System Checkpoint
    RP181: 3/11/2009 8:57:18 PM - Software Distribution Service 3.0
    RP182: 3/12/2009 5:40:09 PM - Removed Google Earth.
    RP183: 3/12/2009 5:43:41 PM - Removed Socrates Media Product Browser
    RP184: 3/12/2009 5:47:22 PM - Removed Stamps.com Application Support for Microsoft Word 2000, 2002, 2003
    RP185: 3/12/2009 5:47:41 PM - Removed Stamps.com
    RP186: 3/12/2009 5:48:47 PM - Removed Virtual Earth 3D (Beta)
    RP187: 3/13/2009 6:46:59 PM - System Checkpoint
    RP188: 3/14/2009 1:24:46 AM - Software Distribution Service 3.0
    RP189: 3/15/2009 3:00:33 AM - Software Distribution Service 3.0
    RP190: 3/16/2009 4:23:08 AM - System Checkpoint
    RP191: 3/16/2009 12:08:07 PM - Software Distribution Service 3.0
    RP192: 3/17/2009 12:56:12 PM - System Checkpoint
    RP193: 3/18/2009 2:32:07 PM - System Checkpoint
    RP194: 3/19/2009 2:58:12 PM - System Checkpoint
    RP195: 3/19/2009 9:01:06 PM - Software Distribution Service 3.0
    RP196: 3/20/2009 9:17:14 PM - System Checkpoint
    RP197: 3/21/2009 10:16:24 PM - System Checkpoint
    RP198: 3/22/2009 11:42:26 PM - System Checkpoint
    RP199: 3/24/2009 12:00:14 AM - System Checkpoint
    RP200: 3/24/2009 12:17:41 AM - Software Distribution Service 3.0
    RP201: 3/25/2009 12:48:49 AM - System Checkpoint
    RP202: 3/26/2009 1:01:57 AM - System Checkpoint
    RP203: 3/26/2009 8:16:54 AM - Avg8 Update
    RP204: 3/26/2009 8:17:58 AM - Avg8 Update
    RP205: 3/26/2009 12:57:57 PM - Software Distribution Service 3.0
    RP206: 3/27/2009 1:05:06 PM - System Checkpoint
    RP207: 3/28/2009 5:06:46 PM - System Checkpoint
    RP208: 3/29/2009 6:00:45 PM - System Checkpoint
    RP209: 3/30/2009 6:33:45 PM - System Checkpoint
    RP210: 3/31/2009 6:44:34 PM - System Checkpoint
    RP211: 4/1/2009 7:33:46 PM - System Checkpoint
    RP212: 4/2/2009 8:33:47 PM - System Checkpoint
    RP213: 4/3/2009 1:55:34 PM - Software Distribution Service 3.0
    RP214: 4/4/2009 2:50:15 PM - System Checkpoint
    RP215: 4/5/2009 9:34:51 AM - Avg8 Update
    RP216: 4/6/2009 10:17:49 AM - System Checkpoint
    RP217: 4/6/2009 8:27:37 PM - Software Distribution Service 3.0
    RP218: 4/8/2009 4:57:31 AM - System Checkpoint
    RP219: 4/8/2009 8:02:56 AM - Ran Paragon System Setup Utility 4/8/2009 8:02:48 AM
    RP220: 4/8/2009 8:05:45 AM - Ran Paragon System Setup Utility 4/8/2009 8:05:38 AM
    RP221: 4/9/2009 8:36:33 AM - System Checkpoint
    RP222: 4/10/2009 8:49:37 AM - System Checkpoint
    RP223: 4/11/2009 9:01:38 AM - System Checkpoint
    RP224: 4/12/2009 9:32:27 AM - System Checkpoint
    RP225: 4/12/2009 9:35:58 PM - Removed AVG 8.5
    RP226: 4/13/2009 10:13:05 PM - Software Distribution Service 3.0
    RP227: 4/14/2009 11:22:28 PM - System Checkpoint
    RP228: 4/15/2009 8:26:47 PM - Windows Defender Checkpoint
    RP229: 4/16/2009 9:53:33 PM - System Checkpoint
    RP230: 4/17/2009 3:00:28 AM - Software Distribution Service 3.0
    RP231: 4/18/2009 3:48:03 AM - System Checkpoint
    RP232: 4/19/2009 10:05:17 AM - System Checkpoint

    ==== Installed Programs ======================

    a la mode Vault
    Abacast Client
    Adobe Acrobat 5.0
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Shockwave Player
    Adobe SVG Viewer 6.0
    Agere Systems PCI Soft Modem
    Apple Mobile Device Support
    Apple Software Update
    ARA REALTOR® Forms
    Autodesk DWF Viewer
    AVS DVD Player version 2.4
    AVS Ringtone Maker version 1.6
    AVS4YOU Software Navigator 1.2
    Bonjour
    Build-a-lot (remove only)
    Citrix ICA Client
    Comcast High-Speed Internet Install Wizard
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    Creative Driver
    Critical Update for Windows Media Player 11 (KB959772)
    DesignPro 5.4 Limited Edition
    Desktop Doctor
    Dictionary
    DVD Player
    Easy CD Creator 5 Basic
    eFax Messenger 4.3
    GoToMeeting/GoToWebinar 3.0.0.198
    Greeting Card Creator 32
    home box office Screen Saver
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    hp deskjet 960c series (Remove only)
    hp instant support
    HP LaserJet 1200 Uninstaller
    HP Memories Disc
    HP Photo and Imaging 2.2 - Scanjet 3970 Series
    Imagicon
    Intel(R) PRO Ethernet Adapter and Software
    Intel(R) PROSet II
    iTunes
    J2SE Runtime Environment 5.0
    Java(TM) 6 Update 2
    Lernout & Hauspie TruVoice American English TTS Engine
    LH 2006 Forms Update
    McAfee SecurityCenter
    MetaFrame Presentation Server Web Client for Win32
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft ActiveSync 3.8
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2003
    Microsoft Office XP Small Business
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft XML Parser and SDK
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 Parser and SDK
    My Web Search (Webfetti)
    My.Freeze.com NetAssistant
    MySpaceIM
    Palm
    PDF-XChange 3.0
    PhoneTools
    Photo Story 3 for Windows
    PriceGong 1.2.0
    PS/2 Millennium Keyboard
    QuickTime
    Real Estate Dashboard
    Rhapsody Player Engine
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB961373)
    ShareIns
    Sprint music manager
    STARS Service Pack Setup
    U3Launcher
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Viewpoint Media Player
    WebEx
    WebFldrs XP
    Winamp (remove only)
    Windows Defender
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Internet Explorer 7
    Windows Live Messenger
    Windows Live Safety Scanner
    Windows Live Sign-in Assistant
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Wyyo 1.0 build 131
    XSite Order Manager
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger

    ==== Event Viewer Messages From Past Week ========

    4/17/2009 7:08:53 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect.
    4/17/2009 7:08:53 PM, error: Service Control Manager [7000] - The McAfee SystemGuards service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/15/2009 8:24:28 PM, error: DCOM [10001] - Unable to start a DCOM Server: {C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493} as /. The error: "%233" Happened while starting this command: c:\PROGRA~1\mcafee.com\agent\mcagent.exe -Embedding
    4/15/2009 8:19:05 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    4/15/2009 8:19:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the mcmscsvc service.
    4/15/2009 8:19:01 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the ImapiService service.
    4/14/2009 7:18:10 PM, error: Dhcp [1002] - The IP address lease 192.168.100.10 for the Network Card with network address 0007E99CF942 has been denied by the DHCP server 68.87.68.10 (The DHCP Server sent a DHCPNACK message).
    4/14/2009 7:17:40 PM, error: Dhcp [1002] - The IP address lease 67.162.203.38 for the Network Card with network address 0007E99CF942 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    4/12/2009 10:50:36 PM, error: Print [6161] - The document http://carmls.fnismls.com/Paragon/Search/PrintReports.aspx?pg=m owned by Jonathan K. Pyron failed to print on printer hp deskjet 960c. Data type: NT EMF 1.008. Size of the spool file in bytes: 983040. Number of bytes printed: 240312. Total number of pages in the document: 3. Number of pages printed: 1. Client machine: \\JONATHAN-R268HG. Win32 error code returned by the print processor: 13 (0xd).

    ==== End Of File ===========================

    DDS:

    DDS (Ver_09-03-16.01) - NTFSx86
    Run by Jonathan K. Pyron at 11:25:06.78 on Sun 04/19/2009
    Internet Explorer: 7.0.5730.11
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.986 [GMT -5:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\LxrSII1s.exe
    C:\Program Files\McAfee\MBK\MBackMonitor.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\WINDOWS\System32\NMSSvc.exe
    C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Documents and Settings\All Users\Application Data\Wyyo\wyyo131.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Wyyo\wyyo.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\PROMon.exe
    C:\WINDOWS\system32\SK9910DM.EXE
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
    C:\Program Files\a la mode\Sched\eSched.exe
    C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\eFax Messenger 4.3\J2GTray.exe
    C:\Program Files\Palm\Hotsync.exe
    C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
    C:\Program Files\Sprint music manager\MEMonitor.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Jonathan K. Pyron\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uWindow Title = Windows Internet Explorer provided by Comcast
    mStart Page = hxxp://www.comcast.net/
    mWindow Title = Windows Internet Explorer provided by Comcast
    uURLSearchHooks: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com netassistant\NetAssistant.dll
    uURLSearchHooks: N/A: {00a6faf6-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
    BHO: MyWebSearch Search Assistant BHO: {00a6faf1-072e-44cf-8957-5838f569a31d} - c:\program files\mywebsearch\srchastt\1.bin\MWSSRCAS.DLL
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: mwsBar BHO: {07b18ea1-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
    BHO: {5a6b3d06-eb3c-4f4a-b4e6-8321f3ead664} - c:\windows\system32\yomejevo.dll
    BHO: {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - No File
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: BHO: {c9c42510-9b21-41c1-9dcd-8382a2d07c61} - c:\windows\system32\iehelper.dll
    BHO: {1c0708ef-6953-42f8-25e4-e107a66d031d}: {d130d66a-701e-4e52-8f24-3596fe8070c1} - c:\windows\system32\ihyylq.dll
    BHO: PriceGongCtrl Class: {d2a2595c-4fe4-4315-aa9b-19dbd6271b71} - c:\program files\pricegong\1.2.0\PriceGongIE.dll
    BHO: NetAssistantBHO Class: {e38fa08e-f56a-4169-abf5-5c71e3c153a1} - c:\program files\my.freeze.com netassistant\NetAssistant.dll
    TB: My Web Search: {07b18ea9-a523-4961-b6bb-170de4475cca} - c:\program files\mywebsearch\bar\1.bin\MWSBAR.DLL
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    uRun: [pdfSaver3] "c:\program files\tracker software\pdf-xchange 3\pdfsaver\pdfSaver3.exe "
    uRun: [a la mode Scheduler Tool] c:\program files\a la mode\sched\eSched.exe
    uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE "
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
    uRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe "
    uRun: [system tool] c:\windows\sysguard.exe
    uRun: [cdloader] "c:\documents and settings\jonathan k. pyron\application data\mjusbsp\cdloader2.exe" MAGICJACK
    uRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
    mRun: [PROMon.exe] PROMon.exe
    mRun: [Hot Key Kbd 9910 Daemon] SK9910DM.EXE
    mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe "
    mRun: [Share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
    mRun: [AGRSMMSG] AGRSMMSG.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [eFax 4.3] "c:\program files\efax messenger 4.3\J2GDllCmd.exe" /R
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_02\bin\jusched.exe "
    mRun: [WinampAgent] c:\program files\winamp\wianmpa.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
    mRun: [<NO NAME>]
    mRun: [posivuhaga] Rundll32.exe "c:\windows\system32\fovigado.dll ",s
    mRun: [14f6f07b] rundll32.exe "c:\windows\system32\banurabe.dll ",b
    mRun: [CPM17c5c3e7] Rundll32.exe "c:\windows\system32\neyesuzo.dll ",a
    mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
    mRun: [MBkLogOnHook] c:\program files\mcafee\mbk\LogOnHook.exe
    mRun: [MyWebSearch Plugin] rundll32 c:\progra~1\mywebs~1\bar\1.bin\M3PLUGIN.DLL,UPF
    mRun: [My Web Search Bar Search Scope Monitor] "c:\progra~1\mywebs~1\bar\1.bin\m3SrchMn.exe" /m=2 /w
    mRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    dRun: [MySpaceIM] c:\program files\myspace\im\MySpaceIM.exe
    dRunOnce: [RunNarrator] Narrator.exe
    uExplorerRun: [svcho] c:\windows\svcho.exe
    mExplorerRun: [2540131162] "c:\windows\system32\noterlog.exe "
    StartupFolder: c:\docume~1\jonath~1.pyr\startm~1\programs\startup\memoni~1.lnk - c:\program files\sprint music manager\MEMonitor.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\efax43~1.lnk - c:\program files\efax messenger 4.3\J2GTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palm\Hotsync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm011SIUS
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
    IE: {53F6FCCD-9E22-4d71-86EA-6E43136192AB}
    IE: {925DAB62-F9AC-4221-806A-057BFB1014AA}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\inetrepl.dll
    Trusted Zone: carmls.com
    Trusted Zone: fnismls.com
    Trusted Zone: getmedianow.com
    Trusted Zone: live.com
    Trusted Zone: showingtime.com
    Trusted Zone: sitexdata.com
    Trusted Zone: spellchecker.net
    Trusted Zone: transactionpoint.com
    Trusted Zone: trpoint.com
    Trusted Zone: virtualearth.net
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
    DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
    DPF: {0854D220-A90A-466D-BC02-6683183802B7} - hxxp://carmls.fnismls.com/Paragon/Codebase/FNISPrintControl.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
    DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - hxxps://www.windowsonecare.com/install/cli/1.0.0971.42/WinSSWebAgent.CAB
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
    DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {24075344-C216-4EDF-B001-D2147ACC9883} - file://c:\win2005\win2000\content\cabs\alaWeb.CAB
    DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {3F7E91A0-E33C-11d5-8736-00010260CD82} - hxxp://www.javasonics.com/plugins/JavaSonicsPlugin_0_7_1_27.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
    DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://scan.safety.live.com/resource/download/scanner/wlscbase969.cab
    DPF: {609EBA94-4FDD-4AB9-80FA-9CE378606855} - hxxp://mioctad.com/b8d11eea/50303/1/xp/FreeAccess.cab
    DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} - hxxp://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_2.ocx
    DPF: {845A8B24-D89F-11D1-9DA4-0080C885B976} - hxxp://carmls.fnismls.com/Paragon/Codebase/Galaxy.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} - hxxp://www.servicehonda.com/TSWeb/msrdp.cab
    DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - hxxp://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
    DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} - hxxp://www.bbtj.net/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
    DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - hxxp://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
    DPF: {A7DB6550-3269-11D4-8C30-0001023CA9DC} - hxxp://vault.alamode.com/cab/vfd.cab
    DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} - file://c:\win2005\win2000\content\cabs\alaGrid.CAB
    DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {D270FE47-4F7B-4AFF-BCF8-B023A6FF4DFA} - hxxp://carmls.fnismls.com/Paragon/Codebase/SystemChecker.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://otxevents.webex.com/client/v_mywebex-t20/event/ieatgpc.cab
    DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - hxxp://download.abacast.com/download/files/abasetup161.cab
    DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://www.driveragent.com/files/driveragent.cab
    DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} - hxxps://www.plaxo.com/activex/plx_upldr-2k-xp.cab
    Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
    WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
    Notify: WRNotifier - WRLogonNTF.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\neyesuzo.dll
    STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\neyesuzo.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
    LSA: Notification Packages = scecli c:\windows\system32\zufanudi.dll

    ============= SERVICES / DRIVERS ===============

    R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-4-12 201320]
    R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2006-9-14 70016]
    R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-4-12 359248]
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-12 144704]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R2 Wyyo Service;Wyyo Service;c:\documents and settings\all users\application data\wyyo\wyyo131.exe [2009-4-16 54752]
    R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-4-12 695624]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-4-12 79304]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-4-12 35240]
    R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-4-12 40488]
    S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2009-4-18 28762]
    S3 iscFlash;iscFlash;\??\c:\windows\system32\drivers\iscflash.sys --> c:\windows\system32\drivers\iscflash.sys [?]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-4-12 33832]

    =============== Created Last 30 ================

    4/18/2009 19:21 28,672 a------- c:\windows\system32\f3PSSavr.scr
    4/18/2009 19:21 <DIR> --d----- c:\program files\MyWebSearch
    4/18/2009 19:20 <DIR> --d----- c:\program files\FunWebProducts
    4/18/2009 12:43 <DIR> --d----- c:\docume~1\jonath~1.pyr\applic~1\McAfee
    4/17/2009 3:05 197 a------- c:\windows\system32\MRT.INI
    4/16/2009 13:50 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
    4/16/2009 13:50 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
    4/16/2009 13:50 110,592 -c------ c:\windows\system32\dllcache\services.exe
    4/16/2009 13:50 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
    4/16/2009 13:50 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
    4/16/2009 13:50 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
    4/16/2009 13:50 729,088 -c------ c:\windows\system32\dllcache\lsasrv.dll
    4/16/2009 13:50 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
    4/16/2009 13:50 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
    4/16/2009 13:49 2,560 -------- c:\windows\system32\xpsp4res.dll
    4/16/2009 13:49 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
    4/16/2009 13:49 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
    4/14/2009 4:37 <DIR> --d----- c:\docume~1\jonath~1.pyr\applic~1\PriceGong
    4/14/2009 4:37 <DIR> --d----- c:\program files\PriceGong
    4/14/2009 4:37 <DIR> --d----- c:\program files\My.Freeze.com NetAssistant
    4/12/2009 21:47 11,811 a------- c:\windows\system32\Config.MPF
    4/12/2009 21:41 33,832 a------- c:\windows\system32\drivers\mferkdk.sys
    4/12/2009 21:41 40,488 a------- c:\windows\system32\drivers\mfesmfk.sys
    4/12/2009 21:41 35,240 a------- c:\windows\system32\drivers\mfebopk.sys
    4/12/2009 21:41 201,320 a------- c:\windows\system32\drivers\mfehidk.sys
    4/12/2009 21:41 79,304 a------- c:\windows\system32\drivers\mfeavfk.sys
    4/12/2009 21:41 113,952 a------- c:\windows\system32\drivers\Mpfp.sys
    4/12/2009 21:39 <DIR> --d----- c:\program files\McAfee.com
    4/12/2009 21:39 <DIR> --d----- c:\program files\common files\McAfee
    4/12/2009 21:39 <DIR> --d----- c:\program files\McAfee
    4/6/2009 19:49 51,978 a------- c:\windows\Sysvxd.exe
    3/21/2009 9:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll
    3/20/2009 18:57 <DIR> --d----- c:\docume~1\jonath~1.pyr\applic~1\mjusbsp

    ==================== Find3M ====================

    3/6/2009 9:22 284,160 a------- c:\windows\system32\pdh.dll
    3/2/2009 19:18 826,368 a------- c:\windows\system32\wininet.dll
    2/20/2009 13:09 78,336 a------- c:\windows\system32\ieencode.dll
    2/9/2009 7:10 729,088 a------- c:\windows\system32\lsasrv.dll
    2/9/2009 7:10 714,752 a------- c:\windows\system32\ntdll.dll
    2/9/2009 7:10 401,408 a------- c:\windows\system32\rpcss.dll
    2/9/2009 7:10 617,472 -------- c:\windows\system32\advapi32.dll
    2/9/2009 6:13 1,846,784 a------- c:\windows\system32\win32k.sys
    2/7/2009 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
    2/6/2009 6:11 110,592 a------- c:\windows\system32\services.exe
    2/6/2009 6:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
    2/6/2009 5:39 35,328 a------- c:\windows\system32\sc.exe
    2/3/2009 14:59 56,832 a------- c:\windows\system32\secur32.dll
    4/20/2008 8:54 124,408 ac------ c:\docume~1\jonath~1.pyr\applic~1\GDIPFONTCACHEV1.DAT
    9/24/2008 8:34 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092420080925\index.dat

    ============= FINISH: 11:28:39.00 ===============
     
  2. 2009/04/20
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Welcome to WindowsBBS JPyron30 :)

    My knee-jerk response to your post was initially going to be a question - 'Why was it requested that you post a log?' - however, after a quick review of your log, I've no need to ask. I can see that your machine has suffered from infections. Let's get to work on it.

    Please visit the following webpage for instructions for downloading and running ComboFix

    How to use ComboFix


    Download ComboFix by sUBs from here, saving the file to your desktop.


    Disable realtime protection applications as they sometimes interfere with the tool. Check this link for your applicable programs.

    • Close all open programs and windows
    • Double click ComboFix.exe and follow the prompts.
    • It may reboot your computer and resume running when you logon. Wait for it to complete. When finished, it will open a log for you. Post that log in your next reply.
    Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

    **NOTE - I recommend you allow the Recovery Console to be downloaded and installed if or when prompted.
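The lines that let a reviewer reach that verdict from the DDS log are the ones most readers skim past: the LSA "Notification Packages" value (a default XP install lists only scecli; every extra entry is a DLL that lsass.exe loads at boot), the SSODL/STS (ShellServiceObjectDelayLoad, SharedTaskScheduler) entries pointing at an eight-letter DLL under system32, and a service whose binary lives under Documents and Settings\All Users\Application Data. The Python below is an added example, not code from the thread or from the DDS tool; it runs those three checks over lines copied from the log above. The random-name heuristic (six to nine lowercase letters and nothing else) and its length bounds are my assumption, not a rule the thread states; it produces candidates for review, not verdicts, and legitimate password filters can also appear on the LSA line.

```python
"""Triage of autostart and service lines from a DDS log (added example).

Encodes three checks a reviewer applies to the log in this thread:
  * LSA "Notification Packages": a default XP install lists only scecli;
    every extra entry is a DLL that lsass.exe loads at boot.
  * SSODL / STS (ShellServiceObjectDelayLoad, SharedTaskScheduler) entries
    whose DLL has a random-looking name.
  * Services whose binary lives under Documents and Settings or
    Application Data, i.e. a user-writable location.
"""
import re

# Constructed input: lines copied verbatim from the DDS log posted above.
SAMPLE_LOG = r"""
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\neyesuzo.dll
    STS: STS: {ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} - c:\windows\system32\neyesuzo.dll
    LSA: Notification Packages = scecli c:\windows\system32\zufanudi.dll
    R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-4-12 144704]
    R2 Wyyo Service;Wyyo Service;c:\documents and settings\all users\application data\wyyo\wyyo131.exe [2009-4-16 54752]
    S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [2009-4-18 28762]
"""

DEFAULT_LSA_PACKAGES = {"scecli"}

# Heuristic (my assumption, not a rule from the thread): six to nine lowercase
# letters and nothing else, e.g. neyesuzo.dll, is unlike vendor naming. It yields
# candidates for review; legitimate DLLs can also match.
RANDOM_NAME = re.compile(r"^[a-z]{6,9}\.dll$")

LSA_LINE = re.compile(r"^LSA:\s+Notification Packages\s*=\s*(.+)$", re.I)
SHELL_LOAD = re.compile(r"^(?:SSODL|STS):.*-\s+(\S+\.dll)\s*$", re.I)
SERVICE_LINE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[", re.I)


def basename(path):
    """Last path component, lower-cased; DDS prints Windows paths."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return (reason, item) pairs for lines that merit a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = LSA_LINE.match(line)
        if m:
            # Packages are space-separated; anything beyond the default is loaded by lsass.
            for pkg in m.group(1).split():
                stem = re.sub(r"\.dll$", "", basename(pkg))
                if stem not in DEFAULT_LSA_PACKAGES:
                    findings.append(("lsa-notification-package", pkg))
            continue

        m = SHELL_LOAD.match(line)
        if m:
            if RANDOM_NAME.match(basename(m.group(1))):
                findings.append(("random-named-shell-dll", m.group(1)))
            continue

        m = SERVICE_LINE.match(line)
        if m:
            # A service binary in a profile or Application Data directory sits in
            # a location a limited user can write to.
            path = m.group(2).lower()
            if "\\documents and settings\\" in path or "\\application data\\" in path:
                findings.append(("service-in-user-writable-dir", m.group(1).strip()))
    return findings


if __name__ == "__main__":
    for reason, item in triage(SAMPLE_LOG):
        print(f"{reason:32} {item}")
```

Run against the sample it reports neyesuzo.dll twice (once per load point), zufanudi.dll on the LSA line, and the Wyyo service; the McAfee and MyWebSearch lines pass the three rules, which is a reminder that the rules catch loader technique, not every unwanted program.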
     


  4. 2009/04/21
    JPyron30

    JPyron30 Inactive Thread Starter

    Joined:
    2009/04/18
    Messages:
    3
    Likes Received:
    0
    This is the result from the ComboFix Scan, any thoughts?

    ComboFix 09-04-21.A7 - Jonathan K. Pyron 04/21/2009 10:56.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1472 [GMT -5:00]
    Running from: c:\documents and settings\Jonathan K. Pyron\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning enabled* (Updated)
    FW: McAfee Personal Firewall *enabled*
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\TEMP\_ISTMP0.DIR\ctl3d32.dll
    c:\windows\TEMP\GLFD3.EXE
    c:\windows\TEMP\mpasbase.vdm
    c:\windows\TEMP\mpasdlta.vdm
    c:\windows\TEMP\MpEngine.dll
    c:\windows\TEMP\regincd.exe
    c:\windows\TEMP\regincd2.exe
    c:\windows\TEMP\TMP00000014FD166C27693FD5BB
    c:\windows\TEMP\WYY1267.tmp\upgrade.exe
    c:\windows\TEMP\WYY18C.tmp\upgrade.exe
    .
    ---- Previous Run -------
    .
    c:\docume~1\JONATH~1.PYR\LOCALS~1\Temp\tmp2.tmp
    c:\documents and settings\Allen Davis\Application Data\ptads.bin
    c:\documents and settings\Jonathan K. Pyron\Application Data\Microsoft\SystemCertificates\Request
    c:\windows\Sysvxd.exe

    .
    ((((((((((((((((((((((((( Files Created from 2009-03-21 to 2009-04-21 )))))))))))))))))))))))))))))))
    .

    2009-04-21 15:50 . 2009-04-21 15:50 54156 ---ha-w c:\windows\QTFont.qfn
    2009-04-21 15:50 . 2009-04-21 15:50 1409 ----a-w c:\windows\QTFont.for
    2009-04-19 23:02 . 2009-04-19 23:02 -------- d-----w c:\documents and settings\Guest\Application Data\McAfee
    2009-04-19 23:01 . 2009-04-19 23:02 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\ApplicationHistory
    2009-04-18 17:54 . 2009-04-18 17:54 -------- d-----w c:\documents and settings\LocalService\Application Data\McAfee
    2009-04-18 17:43 . 2009-04-18 17:43 -------- d-----w c:\documents and settings\Jonathan K. Pyron\Application Data\McAfee
    2009-04-17 08:05 . 2009-04-17 08:05 197 ----a-w c:\windows\system32\MRT.INI
    2009-04-16 18:50 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
    2009-04-16 18:50 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
    2009-04-16 18:50 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
    2009-04-16 18:50 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
    2009-04-16 18:50 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
    2009-04-16 18:50 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
    2009-04-16 18:50 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
    2009-04-16 18:50 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
    2009-04-16 18:50 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
    2009-04-16 18:49 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
    2009-04-16 18:49 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
    2009-04-16 18:49 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
    2009-04-16 01:09 . 2009-04-16 01:09 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\Adobe
    2009-04-15 08:35 . 2009-04-15 08:35 -------- d-----w c:\documents and settings\Guest\Application Data\PriceGong
    2009-04-14 09:37 . 2009-04-14 09:37 -------- d-----w c:\documents and settings\Jonathan K. Pyron\Application Data\PriceGong
    2009-04-13 02:47 . 2009-04-21 15:49 13543 ----a-w c:\windows\system32\Config.MPF
    2009-04-13 02:41 . 2007-11-22 11:44 33832 ----a-w c:\windows\system32\drivers\mferkdk.sys
    2009-04-13 02:41 . 2007-12-02 17:51 40488 ----a-w c:\windows\system32\drivers\mfesmfk.sys
    2009-04-13 02:41 . 2007-11-22 11:44 35240 ----a-w c:\windows\system32\drivers\mfebopk.sys
    2009-04-13 02:41 . 2007-11-22 11:44 79304 ----a-w c:\windows\system32\drivers\mfeavfk.sys
    2009-04-13 02:41 . 2007-11-22 11:44 201320 ----a-w c:\windows\system32\drivers\mfehidk.sys
    2009-04-13 02:41 . 2007-07-13 11:20 113952 ----a-w c:\windows\system32\drivers\Mpfp.sys
    2009-04-13 02:23 . 2009-04-18 17:43 -------- d-----w c:\documents and settings\All Users\Application Data\McAfee
    2009-03-28 19:29 . 2009-03-28 19:29 -------- d-----w c:\documents and settings\Guest\Application Data\Winamp
    2009-03-23 18:08 . 2009-03-23 18:08 -------- d-----w c:\documents and settings\Jonathan K. Pyron\Local Settings\Application Data\tjnet

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-04-20 13:46 . 2005-09-21 19:40 -------- d-----w c:\program files\MSN Messenger
    2009-04-19 21:05 . 2005-08-03 14:46 -------- d-----w c:\program files\The Weather Channel FW
    2009-04-18 00:19 . 2007-01-18 16:36 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-04-17 08:13 . 2009-04-13 02:39 -------- d-----w c:\program files\McAfee
    2009-04-17 08:02 . 2005-08-03 16:22 -------- d-----w c:\program files\Microsoft ActiveSync
    2009-04-14 09:38 . 2009-04-14 09:37 -------- d-----w c:\program files\PriceGong
    2009-04-14 09:38 . 2009-03-12 06:46 -------- d-----w c:\program files\Free Offers from Freeze.com
    2009-04-13 02:41 . 2009-04-13 02:39 -------- d-----w c:\program files\Common Files\McAfee
    2009-04-13 02:40 . 2009-04-13 02:39 -------- d-----w c:\program files\McAfee.com
    2009-04-10 22:24 . 2007-05-02 23:16 -------- d-----w c:\program files\ARAForms
    2009-04-09 01:50 . 2009-03-20 23:57 -------- d-----w c:\documents and settings\Jonathan K. Pyron\Application Data\mjusbsp
    2009-04-08 13:09 . 2007-10-23 13:10 -------- d-----w c:\program files\Sprint music manager
    2009-04-03 17:40 . 2008-04-22 11:23 1097 ----a-w C:\net_save.dna
    2009-04-03 17:40 . 2008-04-22 11:23 -------- d-----w c:\program files\support.com
    2009-03-28 00:34 . 2008-08-10 22:26 -------- d-----w c:\program files\ComcastToolbar
    2009-03-25 06:02 . 2009-02-10 00:14 -------- d-----w c:\documents and settings\Guest\Application Data\COMCASTTOOLBAR
    2009-03-12 23:47 . 2008-04-26 12:57 -------- d-----w c:\program files\Stamps.com Internet Postage
    2009-03-12 23:43 . 2006-01-23 18:20 -------- d-----w c:\program files\SocratesMedia
    2009-03-12 06:52 . 2009-03-12 06:52 -------- d-----w c:\documents and settings\All Users\Application Data\Winferno
    2009-03-12 06:46 . 2009-03-12 06:46 -------- d-----w c:\program files\Freeze.com
    2009-03-06 19:25 . 2005-08-07 17:40 124408 -c--a-w c:\documents and settings\Jonathan K. Pyron\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-06 14:22 . 2001-08-30 10:30 284160 ----a-w c:\windows\system32\pdh.dll
    2009-03-05 17:59 . 2008-10-10 13:07 124408 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-03-05 01:10 . 2009-03-05 01:10 -------- d-----w c:\program files\AVG
    2009-03-04 01:51 . 2009-03-04 01:51 -------- d-----w c:\documents and settings\Jonathan K. Pyron\Application Data\Smith Micro
    2009-03-03 00:18 . 2004-01-08 20:23 826368 ----a-w c:\windows\system32\wininet.dll
    2009-02-26 12:40 . 2008-01-23 23:26 -------- d-----w c:\program files\Microsoft Silverlight
    2009-02-24 13:29 . 2008-03-20 17:20 -------- d-----w c:\program files\Windows Media Connect 2
    2009-02-20 18:09 . 2004-08-04 07:56 78336 ----a-w c:\windows\system32\ieencode.dll
    2009-02-20 16:43 . 2006-06-18 21:12 -------- d-----w c:\documents and settings\Jonathan K. Pyron\Application Data\U3
    2009-02-09 12:10 . 2001-08-30 10:30 729088 ----a-w c:\windows\system32\lsasrv.dll
    2009-02-09 12:10 . 2005-08-05 13:22 401408 ----a-w c:\windows\system32\rpcss.dll
    2009-02-09 12:10 . 2001-08-30 10:30 714752 ----a-w c:\windows\system32\ntdll.dll
    2009-02-09 12:10 . 2001-08-30 10:30 617472 ------w c:\windows\system32\advapi32.dll
    2009-02-09 11:13 . 2001-08-30 10:30 1846784 ----a-w c:\windows\system32\win32k.sys
    2009-02-08 00:02 . 2001-08-17 13:48 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
    2009-02-06 11:11 . 2001-08-30 10:30 110592 ----a-w c:\windows\system32\services.exe
    2009-02-06 11:08 . 2001-08-30 10:30 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
    2009-02-06 10:39 . 2001-08-30 10:30 35328 ----a-w c:\windows\system32\sc.exe
    2009-02-03 19:59 . 2001-08-30 10:30 56832 ----a-w c:\windows\system32\secur32.dll
    2008-04-20 13:54 . 2005-10-04 22:26 124408 -c--a-w c:\documents and settings\Jonathan K. Pyron\Application Data\GDIPFONTCACHEV1.DAT
    2007-04-14 09:35 . 2007-04-14 09:35 140 ----a-w c:\documents and settings\Jonathan K. Pyron\Local Settings\Application Data\fusioncache.dat
    2008-09-24 13:34 . 2008-09-24 13:34 32768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092420080925\index.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D2A2595C-4FE4-4315-AA9B-19DBD6271B71}]
    2009-03-09 02:09 271672 ----a-w c:\program files\PriceGong\1.2.0\PriceGongIE.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "pdfSaver3"="c:\program files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-07-18 368640]
    "a la mode Scheduler Tool"="c:\program files\a la mode\Sched\eSched.exe" [2007-04-16 99840]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2006-12-01 4662776]
    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2005-01-04 405583]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
    "AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-08 2356088]
    "cdloader"="c:\documents and settings\Jonathan K. Pyron\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-06-19 684032]
    "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
    "HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-07 196608]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
    "eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-04 267048]
    "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
    "mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
    "MBkLogOnHook"="c:\program files\McAfee\MBK\LogOnHook.exe" [2007-01-08 20480]
    "PROMon.exe"="PROMon.exe" - c:\windows\system32\PROMon.exe [2002-04-18 73728]
    "Hot Key Kbd 9910 Daemon"="SK9910DM.EXE" - c:\windows\system32\SK9910DM.EXE [2001-01-03 66048]
    "AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-06-29 88363]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
    "MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
    "2540131162"="c:\windows\system32\noterlog.exe" [2008-08-05 54421]

    c:\documents and settings\Jonathan K. Pyron\Start Menu\Programs\Startup\
    MEMonitor.lnk - c:\program files\Sprint music manager\MEMonitor.exe [2007-10-23 2356568]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-1-31 82026]
    eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2007-3-18 629248]
    HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
    LaunchU3.exe.lnk - c:\windows\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2007-11-20 1078]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\a la mode\\sched\\eSched.exe"=
    "c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
    "c:\\Documents and Settings\\Jonathan K. Pyron\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\MSN Messenger\\livecall.exe"=

    R3 iscFlash;iscFlash; [x]
    S2 LxrSII1d;Secure II Driver;c:\windows\system32\Drivers\LxrSII1d.sys [2005-05-19 70016]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7f66698-ff6c-11dd-8761-0007e99cf942}]
    \Shell\AutoRun\command - F:\LaunchU3.exe -a
    .
    Contents of the 'Scheduled Tasks' folder

    2009-04-15 c:\windows\Tasks\McDefragTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-13 18:32]

    2009-04-13 c:\windows\Tasks\McQcTask.job
    - c:\progra~1\mcafee\mqc\QcConsol.exe [2009-04-13 18:32]

    2009-04-21 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

    2009-04-21 c:\windows\Tasks\User_Feed_Synchronization-{E82A086B-49BC-4CE5-A346-BBF8AB8B7E77}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 17:58]
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{5a6b3d06-eb3c-4f4a-b4e6-8321f3ead664} - c:\windows\system32\yomejevo.dll
    BHO-{d130d66a-701e-4e52-8f24-3596fe8070c1} - c:\windows\system32\ihyylq.dll
    HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
    HKLM-Run-WinampAgent - c:\program files\Winamp\wianmpa.exe
    HKLM-Run-posivuhaga - c:\windows\system32\fovigado.dll
    HKLM-Run-14f6f07b - c:\windows\system32\banurabe.dll
    HKLM-Run-CPM17c5c3e7 - c:\windows\system32\neyesuzo.dll
    HKLM-Run-<NO NAME> - (no file)
    HKCU-Explorer_Run-svcho - c:\windows\svcho.exe


    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://www.comcast.net/
    mWindow Title = Windows Internet Explorer provided by Comcast
    IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKxdm011SIUS
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    Trusted Zone: carmls.com
    Trusted Zone: fnismls.com
    Trusted Zone: getmedianow.com
    Trusted Zone: live.com
    Trusted Zone: showingtime.com
    Trusted Zone: sitexdata.com
    Trusted Zone: spellchecker.net
    Trusted Zone: transactionpoint.com
    Trusted Zone: trpoint.com
    Trusted Zone: virtualearth.net
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {24075344-C216-4EDF-B001-D2147ACC9883} - file://c:\win2005\WIN2000\CONTENT\cabs\alaWeb.CAB
    DPF: {3F7E91A0-E33C-11d5-8736-00010260CD82} - hxxp://www.javasonics.com/plugins/JavaSonicsPlugin_0_7_1_27.cab
    DPF: {609EBA94-4FDD-4AB9-80FA-9CE378606855} - hxxp://mioctad.com/b8d11eea/50303/1/xp/FreeAccess.cab
    DPF: {845A8B24-D89F-11D1-9DA4-0080C885B976} - hxxp://carmls.fnismls.com/Paragon/Codebase/Galaxy.cab
    DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} - hxxp://www.bbtj.net/crystalreportviewers10/ActiveXControls/ActiveXViewer.cab
    DPF: {AED6797A-D608-11D4-89D2-00105AA3C57F} - file://c:\win2005\WIN2000\CONTENT\cabs\alaGrid.CAB
    DPF: {D270FE47-4F7B-4AFF-BCF8-B023A6FF4DFA} - hxxp://carmls.fnismls.com/Paragon/Codebase/SystemChecker.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-04-21 11:13
    Windows 5.1.2600 Service Pack 3 NTFS

    detected NTDLL code modification:
    ZwQueryDirectoryFile, ZwQuerySystemInformation

    scanning hidden processes ...

    c:\windows\system32\rundll32.exe [2276] 0x88F97868

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
    *i = rundll32 \\?\c:\windows\lpt4.vfb,yzlfpfkfzgshlalf
    HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    2540131162 = "c:\windows\system32\noterlog.exe"

    scanning hidden files ...


    c:\windows\lpt4.vfb 157162 bytes executable
    c:\windows\udwlu1.dll 73591 bytes


    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2000478354-343818398-725345543-1005\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-2000478354-343818398-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{61F88285-7E18-FAD0-0DEB-8328466E0926}*]
    "hadcgconhleikejb"=hex:6a,61,69,63,6f,61,65,6d,70,69,6a,63,6b,64,70,64,65,6e,
    70,6e,00,2f
    "ianbmbjnohphlpjijm"=hex:6b,61,6a,63,64,61,64,61,69,64,6d,6b,68,65,64,63,70,63,
    70,6e,6d,64,00,00
    .
    Completion time: 2009-04-21 11:22
    ComboFix-quarantined-files.txt 2009-04-21 16:20

    Pre-Run: 37,548,744,704 bytes free
    Post-Run: 48,973,533,184 bytes free

    263 --- E O F --- 2009-04-21 07:24
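Two details in the catchme section of that log explain why the next step is a scripted ComboFix run rather than a manual delete. First, the hidden RunOnce entry is `rundll32 \\?\c:\windows\lpt4.vfb,yzlfpfkfzgshlalf`: LPT4 is a legacy DOS device name, and Win32 path parsing treats any file whose name stem is CON, PRN, AUX, NUL, COM1-9 or LPT1-9 as that device no matter which directory or extension follows, so Explorer and an ordinary `del` cannot open `c:\windows\lpt4.vfb`. The `\\?\` prefix passes the path to the kernel with that parsing switched off, which is how the loader runs the file and why removing it needs a tool that uses the same prefix. Second, catchme reports hooks on ZwQueryDirectoryFile and ZwQuerySystemInformation, the calls behind directory listings and process enumeration, which is how the file and the rundll32.exe process stay hidden from normal tools. The Python below is an added example, not code from the thread or from catchme/ComboFix; it applies the reserved-name rule to that RunOnce entry and decodes the REGEDIT4 hex values of the locked key so you can see what the key actually holds (both inputs are copied from the log above).

```python
"""Two checks on the catchme section of the ComboFix log above (added example).

1. Reserved device names: Win32 resolves a file whose name stem is CON, PRN,
   AUX, NUL, COM1-9 or LPT1-9 to the device, whatever the directory or
   extension, so c:\windows\lpt4.vfb cannot be opened through a normal path.
   The \\?\ prefix bypasses that parsing, which is why the hidden RunOnce
   entry uses it.
2. REGEDIT4 hex values: the locked key's values are dumped as comma-separated
   hex across wrapped lines; decoding them shows what the key holds.
"""
import re

RESERVED_DEVICE_NAMES = (
    {"CON", "PRN", "AUX", "NUL"}
    | {f"COM{i}" for i in range(1, 10)}
    | {f"LPT{i}" for i in range(1, 10)}
)
EXTENDED_PREFIX = "\\\\?\\"   # the four characters \\?\


def is_reserved_device_name(path):
    """True if Win32 would resolve this name to a legacy DOS device."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    stem = name.split(".", 1)[0].rstrip(" ").upper()
    return stem in RESERVED_DEVICE_NAMES


def parse_rundll32_entry(command):
    """Split 'rundll32 <module>,<export>' and annotate the module path."""
    m = re.match(r"^\s*rundll32(?:\.exe)?\s+(.+?),(\S+)\s*$", command, re.I)
    if not m:
        raise ValueError("not a rundll32 entry: %r" % command)
    module, export = m.groups()
    extended = module.startswith(EXTENDED_PREFIX)
    plain = module[len(EXTENDED_PREFIX):] if extended else module
    return {
        "module": plain,
        "export": export,
        "uses_extended_prefix": extended,
        "reserved_device_name": is_reserved_device_name(plain),
    }


def parse_regedit_hex_values(block):
    """Map value names to bytes for '"name"=hex:..' lines, joining wrapped lines."""
    values, current = {}, None
    for raw in block.splitlines():
        line = raw.strip()
        m = re.match(r'^"([^"]*?)\s*"=hex:(.*)$', line)
        if m:
            current = m.group(1)
            values[current] = m.group(2)
        elif current and re.fullmatch(r"[0-9a-fA-F,\\ ]+", line):
            values[current] += line          # continuation of the previous value
    out = {}
    for name, text in values.items():
        text = re.sub(r"[\s\\]", "", text)  # drop whitespace and REGEDIT4's trailing '\'
        out[name] = bytes(int(b, 16) for b in text.split(",") if b)
    return out


def printable_prefix(data):
    """ASCII text up to the first NUL, the way a C string reader would see it."""
    head = data.split(b"\x00", 1)[0]
    return head.decode("ascii", errors="replace")


# Constructed inputs, copied from the catchme and locked-key sections above.
HIDDEN_RUNONCE = r"rundll32 \\?\c:\windows\lpt4.vfb,yzlfpfkfzgshlalf"
LOCKED_KEY = r'''
"hadcgconhleikejb"=hex:6a,61,69,63,6f,61,65,6d,70,69,6a,63,6b,64,70,64,65,6e,
70,6e,00,2f
"ianbmbjnohphlpjijm"=hex:6b,61,6a,63,64,61,64,61,69,64,6d,6b,68,65,64,63,70,63,
70,6e,6d,64,00,00
'''

if __name__ == "__main__":
    print(parse_rundll32_entry(HIDDEN_RUNONCE))
    for name, data in parse_regedit_hex_values(LOCKED_KEY).items():
        print(name, "->", printable_prefix(data), data)
```

The two locked values decode to NUL-terminated runs of lowercase letters (`jaicoaempijckdpdenpn` and `kajcdadaidmkhedcpcpnmd`), the same pattern as the value names and the DLL names elsewhere in the log; nothing in the key is configuration a legitimate shell extension would need, which supports clearing it with the RegNull:: directive in the next post.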
     
  5. 2009/04/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Once again, please disable any realtime protection applications. Highlight and copy the contents of the code box below and paste it into a blank Notepad window, then save it to your desktop as:

    Filename: CFScript.txt
    Save As Type: All Files (*.*)

    Code:
    
    http://www.windowsbbs.com/malware-virus-removal/83461-active-requested-logs.html
    Suspect::[22]
    c:\windows\lpt4.vfb
    c:\windows\udwlu1.dll
    RegNull::
    [HKEY_USERS\S-1-5-21-2000478354-343818398-725345543-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{61F88285-7E18-FAD0-0DEB-8328466E0926}*]
    DDS::
    mExplorerRun: [2540131162] "c:\windows\system32\noterlog.exe"
    
    Close all other windows and programs. Now drag the CFScript.txt onto ComboFix.exe and drop it, using the left mouse button. ComboFix should run and may reboot the computer when it's done. A log will open when it's complete. Post the contents of that log here.

    Please do not click on the ComboFix window while it is running a scan. This can cause it to stall.


    Please note that I have instructed CFScript to collect some files for analysis. This means that when ComboFix finishes, you will be prompted to allow ComboFix to upload a zip file that was created. The zip contains the aforementioned files. If the upload fails you will be presented with instructions for uploading it manually. Please do so and let me know the results. Thanks!

    **NOTE - Allow ComboFix to update if prompted.
     
  6. 2009/04/21
    wildfire

    wildfire Getting Old

    Joined:
    2008/04/21
    Messages:
    4,649
    Likes Received:
    124
    Sorry Dave,

    My bad, I've changed my default response to this type of issue so it shouldn't happen again. :eek:
     
  7. 2009/04/21
    noahdfear

    noahdfear Inactive

    Joined:
    2003/04/06
    Messages:
    12,178
    Likes Received:
    15
    Thanks wildfire :)
     
